/*
 * ==========================================================================*\
 * | $Id$
 * |*-------------------------------------------------------------------------*|
 * | Copyright (C) 2009 Virginia Tech | | This file is part of CloudSpace. | |
 * CloudSpace is free software; you can redistribute it and/or modify | it under
 * the terms of the GNU General Public License as published | by the Free
 * Software Foundation; either version 3 of the License, or | (at your option)
 * any later version. | | CloudSpace is distributed in the hope that it will be
 * useful, | but WITHOUT ANY WARRANTY; without even the implied warranty of |
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | GNU General
 * Public License for more details. | | You should have received a copy of the
 * GNU General Public License | along with CloudSpace; if not, see
 * <http://www.gnu.org/licenses/>.
 * \*==========================================================================
 */

package cloudspace.security;

import java.security.AccessControlException;

import org.springframework.security.core.context.SecurityContextHolder;

import cloudspace.config.CloudSpaceConfiguration;
import cloudspace.security.permissions.PermissionToken;
import cloudspace.security.permissions.PermissionsManager;
import cloudspace.vm.filesystem.CSPath;


public class CloudController
{
    // ~ Constructors ..........................................................

    // ----------------------------------------------------------
    private CloudController()
    {
        // Do nothing; prevent instantiation.
    }


    // ~ Methods ...............................................................

    // ----------------------------------------------------------
    public static boolean checkWriteNoThrow( CSPath path )
    {
        Object principal = SecurityContextHolder.getContext()
            .getAuthentication()
            .getPrincipal();

        if ( principal instanceof CloudSpaceUser )
        {
            CloudSpaceUser user = (CloudSpaceUser)principal;

            PermissionToken permission = PermissionsManager.getInstance()
                .lookupPermission( path, user );

            if ( !permission.allowsWrite() )
            {
                return false;
            }
        }
        else if ( principal instanceof String
            && principal.equals( "anonymousUser" ) )
        {
            if ( CloudSpaceConfiguration.getInstance().isMultiUser() /*
                                                                      * || !is
                                                                      * connecting
                                                                      * from
                                                                      * localhost
                                                                      */)
            {
                return false;
            }
        }

        return true;
    }


    // ----------------------------------------------------------
    public static void checkWrite( CSPath path ) throws AccessControlException
    {
        if ( !checkWriteNoThrow( path ) )
        {
            throw new AccessControlException( "Write access denied to " + path );
        }
    }


    // ----------------------------------------------------------
    public static boolean checkReadNoThrow( CSPath path )
        throws AccessControlException
    {
        Object principal = SecurityContextHolder.getContext()
            .getAuthentication()
            .getPrincipal();

        if ( principal instanceof CloudSpaceUser )
        {
            CloudSpaceUser user = (CloudSpaceUser)principal;

            PermissionToken permission = PermissionsManager.getInstance()
                .lookupPermission( path, user );

            if ( !permission.allowsRead() )
            {
                return false;
            }
        }
        else if ( principal instanceof String
            && principal.equals( "anonymousUser" ) )
        {
            if ( CloudSpaceConfiguration.getInstance().isMultiUser() /*
                                                                      * || !is
                                                                      * connecting
                                                                      * from
                                                                      * localhost
                                                                      */)
            {
                return false;
            }
        }

        return true;
    }


    // ----------------------------------------------------------
    public static void checkRead( CSPath path ) throws AccessControlException
    {
        if ( !checkReadNoThrow( path ) )
        {
            throw new AccessControlException( "Read access denied to " + path );
        }
    }
}
